Security Articles

Extending Single Sign-On to Cloud: Convenience or Does it Sacrifice Security

It's challenging enough for service providers to manage security for a single cloud service, let alone multiple cloud services. But many companies are pursuing a multi-cloud strategy, a reality that seemingly conflicts with customer expectations of bulletproof yet uncomplicated security policies. 

Customers are demanding single sign-on (SSO) capabilities, but providers and customers will have to ask themselves if the convenience of cloud SSO is worth its potential security risks.

DevSecOps – Instilling a Security Culture

Do we still think cybersecurity is the sole responsibility of the Security team in an organization, and that it is their job to ensure that a released product has addressed all of its security issues? Do we think it is safe to release a product into the competitive market first and only then think about its security?

In order to survive in today's competitive world, IT companies have to come up with new and innovative products at a much faster pace. Adopting DevOps has helped most organizations compete more effectively in the market and serve their customers better. But is this enough to be a best-in-class technology company and to earn customer trust?

Penetration testing vs Vulnerability assessment

What is a vulnerability assessment?

  • Identify the security loopholes in a network or systems
  • Estimate how susceptible the network is to different vulnerabilities

3 different ways to scan the network:

  • Network scanning - Network scanning involves detecting all active hosts on a network and mapping them to their IP addresses. Port scanning refers to the process of sending packets to specific ports on a host and analyzing the responses to learn details about its running services or locate potential vulnerabilities.
  • Authenticated scanning - An authenticated security scan is vulnerability testing performed as a logged-in (authenticated) user. The method is also known as logged-in scanning. ... The method finds many vulnerabilities that cannot be detected through an unauthenticated scan.

The Need For a Modern Application Security Program

The advent of new digital technologies has led to a significant transformation in software development methodology over the past few years. The greater focus on delivering customer-centric solutions has led to the adoption of new technologies and services with greater momentum. In this transformational landscape, traditional application security practices have become outdated, and an application security program is required that integrates with modern technologies and keeps pace with development. The number of CVEs reported is increasing year on year. For instance, 6447 CVEs[1] were reported in 2016, 14714 in 2017 and 15400 in 2018. This means that as enterprises adopt modern technologies and frameworks for software development, the attack surface becomes wider and the risk of leaving an application vulnerable is higher.

Data hunting is Cybersecurity's skill of the future

The vast majority of white hat hackers who reported that they were looking for jobs in cybersecurity said that their bug hunting experience helped them land a job.

The report looked at the community of white hat hackers to better understand the skill sets and career aspirations of more than 750 security researchers and found that 41% of white hat hackers are self-taught. In addition, 80% of bug hunters said that their experience in bug hunting has helped them get a job in cybersecurity.

“Cybersecurity isn’t a technology problem, it’s a people problem – and in the white hat hacker community there’s an army of allies waiting and ready to join the fight,” said Casey Ellis, founder and CTO at Bugcrowd, in the release.

Exploit PoC: Linux unprivileged user access to systemctl command (CVE-2018-19788)

A new vulnerability, CVE-2018-19788, has been discovered on Linux systems. It affects major Linux distributions including Red Hat, Debian, Ubuntu, and CentOS, and can be exploited very easily.

Vulnerability Summary: A low-privilege user on most Linux systems with a UID greater than 2147483647 is automatically granted system-level privilege to issue systemctl commands.

A word about Polkit (formerly PolicyKit): Polkit is a component for controlling system-wide privileges in Unix-like operating systems. It provides an organized way for non-privileged processes to communicate with privileged ones, and it allows centralized control of system policy.

Time-based Blind injection attacks and Countermeasures

A CSR, or Certificate Signing Request, is a block of encrypted data that is generated on the server on which the certificate is going to be used. It contains the information needed to generate your certificate, such as your organization name, common name (domain name), locality, and country. It also contains the public key that will be included in your certificate. A private key is usually generated at the same time the CSR is created.

A certificate authority can use a CSR to create your SSL certificate, but it does not need your private key. You must keep your private key secret. The certificate created from a CSR will only work with the private key that was generated with it; hence, if you lose the private key, the certificate will no longer work.

IAM Shortfalls: Solutions to Overcome

Identity and access management (IAM) is the most important factor in managing security, but it falls short when the same solution is applied to all enterprise data.

  • The major gap is in unstructured data (files, emails, etc.): end users store data in various places such as file shares and SharePoint, where there is no centralized IAM solution to monitor user identity and access.
  • There is no single application for IAM to connect to, because end users store data in their own project applications, O365 application storage, and Microsoft OneDrive. As a result, IAM is missing the connection between AD users/groups and the folder and mailbox ACLs.

Solution to overcome these blunders.

Data Privacy: What Does Protected Data Really Mean?

To begin with, let us all consider the basic question: “What does protected data really mean?”

Protected data, sometimes called Personally Identifiable Information (PII), is a term for information about a person that can be used to facilitate identity theft and other criminal acts. To define it more precisely, and to determine how much protection different types of data require, the CSU has developed a 3-tier classification system:
